From e2bf1d5eb11d780db1f9bec6fbc6b614684510dd Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Sun, 20 Dec 2015 18:36:57 +0800
Subject: [PATCH 1/4] try to make metamaps more tls friendly

---
 app/assets/javascripts/src/Metamaps.js.erb | 15 +++++++++------
 app/controllers/application_controller.rb | 10 ++++++++--
 app/views/layouts/_lightboxes.html.erb | 10 +++++++---
 3 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/app/assets/javascripts/src/Metamaps.js.erb b/app/assets/javascripts/src/Metamaps.js.erb
index 33cb15ef..bcc5dcf0 100644
--- a/app/assets/javascripts/src/Metamaps.js.erb
+++ b/app/assets/javascripts/src/Metamaps.js.erb
@@ -928,8 +928,11 @@ Metamaps.TopicCard = {
 setTimeout(function () {
 var text = $(element).val();
 if (event.type=="paste" || (event.type=="keyup" && event.which==13)){
- if (text.slice(0, 4) !== 'http') {
- text='http://'+text;
+ // TODO evaluate converting this to '//' no matter what (infer protocol)
+ if (text.slice(0, 7) !== 'http://' &&
+ text.slice(0, 8) !== 'https://' &&
+ text.slice(0, 2) !== '//') {
+ text='//'+text;
 }
 topic.save({
 link: text
@@ -1897,7 +1900,7 @@ Metamaps.Util = {
 return (url.match(/\.(jpeg|jpg|gif|png)$/) != null);
 },
 checkURLisYoutubeVideo: function (url) {
- return (url.match(/^http:\/\/(?:www\.)?youtube.com\/watch\?(?=[^?]*v=\w+)(?:[^\s?]+)?$/) != null);
+ return (url.match(/^https?:\/\/(?:www\.)?youtube.com\/watch\?(?=[^?]*v=\w+)(?:[^\s?]+)?$/) != null);
 }
 }; // end Metamaps.Util
@@ -1907,9 +1910,9 @@ Metamaps.Util = {
 *
 */
 Metamaps.Realtime = {
- stringForLocalhost: 'http://localhost:5001',
- stringForMetamaps: 'http://metamaps.cc:5001',
- stringForHeroku: 'http://gentle-savannah-1303.herokuapp.com',
+ stringForLocalhost: '//localhost:5001',
+ stringForMetamaps: '//metamaps.cc:5001',
+ stringForHeroku: '//gentle-savannah-1303.herokuapp.com',
 socket: null,
 isOpen: false,
 changing: false,
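Review bot: The three prefix comparisons in the new `if` are case-sensitive, so a pasted `HTTP://example.com` or `Https://…` fails all three tests and is rewritten to `//HTTP://example.com`, which is not a usable href; compare against a lower-cased copy, e.g. `var head = text.toLowerCase();` and then `head.slice(0, 7) !== 'http://' && head.slice(0, 8) !== 'https://' && head.slice(0, 2) !== '//'`. This normalisation runs only in the browser before `topic.save`, and it only adds a scheme to scheme-less input rather than restricting which schemes are accepted, so whatever stores `link` server-side should not treat it as validation — whether it does is not visible in this patch. The enclosing handler starts and ends outside the hunk.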
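Review bot: `checkURLisYoutubeVideo` now rejects the links the earlier hunk in this file (around line 928) produces: a user who types `www.youtube.com/watch?v=abc` gets `//www.youtube.com/watch?v=abc` stored, and the new regex still requires `https?://`, so such links are no longer recognised as YouTube videos, whereas the old `http://` prefixing did match. Make the scheme optional and, while on this line, escape the dot in the host (the current `youtube.com` matches any character there): `return (url.match(/^(?:https?:)?\/\/(?:www\.)?youtube\.com\/watch\?(?=[^?]*v=\w+)(?:[^\s?]+)?$/) != null);`.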
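Review bot: With the three endpoint strings now scheme-relative, the realtime connection inherits the scheme of the page that loaded it, so once the app is served over https the server on port 5001 (and the Heroku host) has to serve TLS itself or the browser will refuse the connection as mixed content; nothing in this series shows that side being configured, so I assume it is handled elsewhere — worth confirming. A one-line comment above these constants would spare the next reader the surprise: `// scheme-relative: the realtime server must serve TLS whenever the app does`. The `Metamaps.Realtime` object continues outside the hunk.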
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 4278637f..de20193a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,7 +11,13 @@ class ApplicationController < ActionController::Base
 helper_method :admin?
 def after_sign_in_path_for(resource)
- sign_in_url = url_for(:action => 'new', :controller => 'sessions', :only_path => false, :protocol => 'http')
+ unsafe_uri = request.env["REQUEST_URI"]
+ if unsafe_uri.starts_with? 'http' && !unsafe_uri.starts_with? 'https'
+ protocol = 'http'
+ else
+ protocol = 'https'
+ end
+ sign_in_url = url_for(:action => 'new', :controller => 'sessions', :only_path => false, :protocol => protocol)
 if request.referer == sign_in_url
 super
@@ -60,7 +66,7 @@ private
 def get_invite_link
 unsafe_uri = request.env["REQUEST_URI"]
 valid_url = /^https?:\/\/([\w\.-]+)(:\d{1,5})?\/?$/
- safe_uri = (unsafe_uri.match(valid_url)) ? unsafe_uri : "http://metamaps.cc/"
+ safe_uri = (unsafe_uri.match(valid_url)) ? unsafe_uri : "//metamaps.cc/"
 @invite_link = "#{safe_uri}join" + (current_user ? "?code=#{current_user.code}" : "")
 end
 end
diff --git a/app/views/layouts/_lightboxes.html.erb b/app/views/layouts/_lightboxes.html.erb
index 46ab2edf..1ea13866 100644
--- a/app/views/layouts/_lightboxes.html.erb
+++ b/app/views/layouts/_lightboxes.html.erb
@@ -46,6 +46,7 @@
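Review bot: The new `if` in `after_sign_in_path_for` does not test what it reads as: without parentheses Ruby parses `unsafe_uri.starts_with? 'http' && !unsafe_uri.starts_with? 'https'` as `unsafe_uri.starts_with?('http' && !unsafe_uri.starts_with?('https'))`, so `starts_with?` receives `true` or `false` and raises a TypeError on every sign-in redirect. Independently of that, Rack servers usually populate `REQUEST_URI` with the path and query rather than an absolute URL, so the prefix test would rarely see a scheme at all. Rails already knows the scheme of the current request; replace the six added lines with `protocol = request.ssl? ? 'https' : 'http'` (or pass `request.protocol` straight to `url_for`), which also honours `X-Forwarded-Proto` behind a TLS-terminating proxy. The method body continues outside the hunk.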
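Review bot: The fallback on the changed line in `get_invite_link`, `"//metamaps.cc/"`, produces an invite link with no scheme (`//metamaps.cc/join?code=…`); that only resolves inside a page served over http(s), and an invite link is exactly the kind of value that gets pasted into email or chat, where it is not clickable. Given the series is about TLS, the absolute `"https://metamaps.cc/"` seems the intended fallback. The `valid_url` pattern on the line above also anchors with `^`/`$`, which in Ruby match per line; `\A…\z` anchors the whole string, e.g. `valid_url = /\Ahttps?:\/\/([\w\.-]+)(:\d{1,5})?\/?\z/`.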
  • + <% # TODO enable ssl on blog.metamaps.cc %>
    blog @@ -58,7 +59,8 @@
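Review bot: The added TODO uses `<% # TODO … %>` — a Ruby comment inside a code tag — rather than the ERB comment tag `<%# TODO … %>`; the former behaves as a comment only because the tag sits alone on its line (trim mode folds the trailing newline into the code), and if one of these is ever moved next to markup the `#` swallows the generated output for the rest of that line. The same form appears in the later hunks of this file at -58, -152 and -200. Switching each to the form `<%# TODO enable ssl on blog.metamaps.cc %>` is a safe one-character change.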
  • - + <% # TODO switch to https:// once we're confident %> +
    terms
    @@ -115,7 +117,7 @@
  • Google Plus *
  • Hackpad *
  • Loomio *
  • -
  • Twitter *
  • +
  • Twitter *
  • Hipchat
  • Google Hangouts
  • Vimeo
  • @@ -152,6 +154,7 @@ Chrome Firefox Safari + <% # TODO https for blog.metamaps.cc %>

    While it's downloading, explore our blog,
    watch the tutorials, or visit our knowledge base! @@ -200,13 +203,14 @@

    Want to help with design, code, community building, or communications for Metamaps? We're an open value network, which for us means we want to invite and empower peers to participate in creating value together. + <% # TODO change this link to https once it works %>

    To be a USER, request an invite! We'll expect you to abide by our terms of service.

    To be a CONTRIBUTOR, simply enter our spaces and join the conversation! We'll expect you to follow some guidelines.

    MEMBERS are contributors who act as stewards and guardians of the collective and are responsible for maintaining our culture and purpose. We're working on a set of agreements to formalize what it means to be a member.

    -

    We welcome people of all skillsets to create value within our network. There's open possibilities for designers, researchers, academics, strategists, and facilitators to contribute. If you're a developer, help us advance the code and take a look around our Github.

    +

    We welcome people of all skillsets to create value within our network. There's open possibilities for designers, researchers, academics, strategists, and facilitators to contribute. If you're a developer, help us advance the code and take a look around our Github.

    Thanks for your interest in helping out with Metamaps! Hopefully this gets you pointed in the right direction to get involved. The next step is to read the links on this page and then contribute!

    From f35d4d51a974933cb9123f8074ce8ca3f2b19e4b Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Sun, 20 Dec 2015 20:19:09 +0800
Subject: [PATCH 2/4] s3 over https by default

---
 config/environments/development.rb | 13 +++++++------
 config/environments/production.rb | 11 ++++++-----
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/config/environments/development.rb b/config/environments/development.rb
index cd440097..6aacdb20 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -15,12 +15,13 @@ Metamaps::Application.configure do
 # S3 file storage
 config.paperclip_defaults = {
- :storage => :s3,
- :s3_credentials => {
- :bucket => ENV['S3_BUCKET_NAME'],
- :access_key_id => ENV['AWS_ACCESS_KEY_ID'],
- :secret_access_key => ENV['AWS_SECRET_ACCESS_KEY']
- }
+ storage: :s3,
+ :s3_credentials: {
+ bucket: ENV['S3_BUCKET_NAME'],
+ access_key_id: ENV['AWS_ACCESS_KEY_ID'],
+ secret_access_key: ENV['AWS_SECRET_ACCESS_KEY']
+ },
+ s3_protocol: 'https'
 }
 config.action_mailer.delivery_method = :smtp
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 192f631d..55220ee3 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -24,11 +24,12 @@ Metamaps::Application.configure do
 # S3 file storage
 config.paperclip_defaults = {
 :storage => :s3,
- :s3_credentials => {
- :bucket => ENV['S3_BUCKET_NAME'],
- :access_key_id => ENV['AWS_ACCESS_KEY_ID'],
- :secret_access_key => ENV['AWS_SECRET_ACCESS_KEY']
- }
+ s3_credentials: {
+ bucket: ENV['S3_BUCKET_NAME'],
+ access_key_id: ENV['AWS_ACCESS_KEY_ID'],
+ secret_access_key: ENV['AWS_SECRET_ACCESS_KEY']
+ },
+ s3_protocol: 'https'
 }
 config.action_mailer.delivery_method = :smtp
From d33f4bffb1d9e00f9ceae2658dfe09923d6c1921 Mon Sep 17 00:00:00 2001
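Review bot: `:s3_credentials: {` on the new side of the development.rb hunk is not valid Ruby — a symbol literal followed by a colon — so `config/environments/development.rb` will fail to parse and the development environment will not boot; the intended key is `s3_credentials: {`, as the production hunk in this patch writes it. Forcing `s3_protocol: 'https'` for the stored attachments is the right call and needs no change. The surrounding `Metamaps::Application.configure do` block starts and ends outside the hunk.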
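Review bot: The production.rb hunk leaves one hash literal in two styles — the untouched context line `:storage => :s3,` keeps the hash-rocket while the added keys use `key:` — which RuboCop's Style/HashSyntax would flag; since the rest of the literal is being rewritten anyway, change that line to `storage: :s3,` so the file matches what the development hunk does. Behaviour is unaffected either way. The enclosing `configure` block is outside the hunk.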
From: Devin Howard
Date: Sun, 20 Dec 2015 20:19:24 +0800
Subject: [PATCH 3/4] typekit https

---
 app/views/layouts/application.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 9911466a..5dfaaa6f 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -16,7 +16,7 @@
 <%= javascript_include_tag "application" %>
-
+
From 603b9dc52e8ee39c9815aefc142655245ca3d6a1 Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Mon, 21 Dec 2015 10:16:51 +0800
Subject: [PATCH 4/4] remove uservoice code

---
 app/views/layouts/application.html.erb | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 5dfaaa6f..bf351870 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -138,19 +138,8 @@
 Metamaps.Loading.loader.setDensity(41); // default is 40
 Metamaps.Loading.loader.setRange(0.9); // default is 1.3
 Metamaps.Loading.loader.show(); // Hidden by default
-
- // set up uservoice with signed in user
- <% if authenticated? && ENV['SSO_KEY'] %>
- USERVOICE.load(Metamaps.Active.Mapper.name, Metamaps.Active.Mapper.id, "<%= user.email %>", "<%= current_sso_token %>");
- <% else %>
- USERVOICE.load();
- <% end %>
-<% if !authenticated? %>
-
-<% end %>
-
 <%= render :partial => 'layouts/googleanalytics' if Rails.env.production? %>